Glock Talk banner

Proposed congressional bills to tighten email loopholes in Electronic Privacy Act

927 views 0 replies 1 participant last post by  MB-G26 
#1 ·
From EPIC Alert 8/4/04, EPIC Alert 11.15
[5] Congress Considers Bills to Strengthen E-Mail Privacy
===================================================

Rep. Jay Inslee (D-WA) has introduced the E-mail Privacy Act of 2004,
H.R. 4956, which would address two weaknesses in the Electronic
Communications Privacy Act that were recently highlighted in a
controversial First Circuit case. In United States v. Councilman, the court found that an ISP's real-time, continuous acquisition of subscriber e-mail did not violate federal wiretap law.

The new bill would fix this misinterpretation of the Wiretap Act as well as close a long-standing loophole in the law governing stored communications that allows an Internet Service Provider (or any electronic communication service provider) to read its subscribers' communications. A second bill, the E-mail Privacy Protection Act of 2004, H.R. 4977, has been introduced by Rep. Jerrold Nadler (D-NY) to address the same issues.

In creating the 1986 Electronic Communications Privacy Act, Congress
updated existing wiretap law to address electronic communications.
Before, only wire and oral communications were protected from
interception. The amendments extended protections against
interception to electronic communications, and also sought to
establish legal standards for access to email in the possession of a
service provider. The changes created two categories of electronic communications -- those "in transit," which enjoy relatively generous protection under the first tier of the Electronic Communications Privacy Act (the Wiretap Act), and those "in storage," which receive a lesser degree of legal protection under the second tier of the Electronic Communications Privacy Act (the Stored Communications Act).

The categories that resulted from the amendments were viewed as
complimentary efforts to protect the privacy of electronic
communications. The tiering of communications resulted more from the
effort to address specific concerns -- such as extending protections
to electronic communications and creating safeguards for stored
communications -- than to formally categorize the privacy protection
for each type of information.

The Councilman case involved the conduct of Interloc, an online
literary clearinghouse that sought to pair its subscribers -- rare and used book dealers -- with book buyers. Brad Councilman, former
executive of the company, directed Interloc employees to write
computer code to intercept and copy all incoming communications from
Amazon.com to the subscriber book dealers, for whom Interloc provided
e-mail service. According to the indictment, the Interloc systems
administrator wrote a revision to the mail processing code that
intercepted, copied and stored all incoming messages from Amazon.com
before they were delivered to the subscribers. Councilman was charged with violating the Wiretap Act. However, because the messages were in "temporary storage" while on the Interloc e-mail server -- momentarily before being made available to subscribers -- the court held that the messages were not "intercepted" in violation of the Wiretap Act.

The House bills seek to correct the First Circuit's narrow
interpretation
of the provision by clarifying the language, thus
reflecting the Congressional intent of the Electronic Communications
Privacy Act: the real-time, continuous acquisition of messages while
they are in transit -- even if stored momentarily during the course of transmission -- should be an "interception" under the Wiretap Act.

H.R. 4956 appears to address the issue more directly than H.R. 4977 by modifying the definition of "interception." Without these
modifications, and using the anomalous interpretation of the First
Circuit, law enforcement may be able to gain such real-time,
continuous acquisition of a suspect's e-mail or other electronic
communications without following the strict requirements for a wiretap court order.

Counterintuitively, Brad Councilman could not be charged under the
second tier of the Electronic Communications Privacy Act, the Stored
Communications Act. Both the Wiretap Act and the Stored
Communications Act contain a "service provider exception," allowing
the service provider to monitor subscriber communications under
certain circumstances.

The exception in the Wiretap Act allows the
provider to monitor communications to the extent necessary for the
provision of the service (e.g. ensuring that phone line quality is
sufficient). However, the Stored Communications Act exception allows
providers -- including ISPs -- to monitor communications without any
such qualification. This extremely broad exception allowed Councilman to escape liability under the Stored Communications Act as well. The bills seek to close this loophole by modifying the service provider exception language in the Stored Communications Act to approximate that of the Wiretap Act.

H.R. 4956, the E-mail Privacy Act of 2004:

http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.4956:

H.R. 4977, the E-mail Privacy Protection Act of 2004:

http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.4977:

The opinion in United States v. Councilman:

http://www.ca1.uscourts.gov/pdf.opinions/03-1383-01A.pdf

For more information about wiretap law, see EPIC's Wiretap Page:

http://www.epic.org/privacy/wiretap
just fyi
m
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top